CA2492986A1 - System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components
- Publication number: CA2492986A1
- Authority: CA (Canada)
- Prior art keywords: status, certificate, tcu, css, cache memory
- Legal status: Granted
Classifications
- G06Q20/02—Payment architectures, schemes or protocols involving a neutral party, e.g. certification authority, notary or trusted third party [TTP]
- H04L9/3268—Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving certificates (public key certificate [PKC], attribute certificate [AC]) and Public key infrastructure [PKI] arrangements, using certificate validation, registration, distribution or revocation, e.g. certificate revocation list [CRL]
- G06F15/00—Digital computers in general; Data processing equipment in general
- G06Q20/00—Payment architectures, schemes or protocols
- G06Q20/389—Keeping log of transactions for guaranteeing non-repudiation of a transaction
- G07F7/08—Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus, by coded identity card or credit card or other personal identification means
- G07F7/12—Card verification
- H04L9/3247—Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, involving digital signatures
- H04L2209/56—Financial cryptography, e.g. electronic payment or e-cash
Abstract
A Certificate Status Service (CSS) that is configurable, directed, and able to retrieve status from any approved Certification Authority (CA) is disclosed.
The CSS may be used by a Trusted Custodial Utility (TCU) and comparable systems or applications whose roles are validating the right of an individual to perform a requisite action, the authenticity of submitted electronic information objects, and the status of authentication certificates used in digital signature verification and user authentication processes. The validity check on authentication certificates is performed by querying the issuing CA.
Traditionally, to create the trusted Public Key Infrastructure (PKI) needed to validate certificates, complex relationships are formed by cross-certification among CAs or by use of PKI bridges. The PKI and CA interoperability problem is addressed here from a different point of view, with a focus on establishing a trust environment suitable for the creation, execution, maintenance, transfer, retrieval and destruction of electronic original information objects that may also be transferable records (ownership may change hands). A TCU is concerned only with a known set of "approved CAs", although these may support a multitude of business environments, and within that set of CAs only with those certificates that are associated with TCU user accounts. Building PKI/CA trust relationships is not required, as the CSS achieves a trusted environment by querying only approved CAs and maintaining caches of valid certificates' status.
Claims (33)
1. A method of providing a Certificate Status Service ("CSS") for checking validities of authentication certificates issued by respective issuing Certification Authorities ("CAs"), comprising the steps of:
identifying information needed for retrieving a status of an authentication certificate from an issuing CA that issued the authentication certificate;
configuring a connector based on the identified information for communicating with the issuing CA;
communicating with the issuing CA according to the configured connector when the status of the authentication certificate is queried; and retrieving the status of the authentication certificate;
wherein the issuing CA and the connector are designated on a list of approved CAs in a configuration store.
2. The method of claim 1, wherein a local date and time are checked for whether they fall within a validity period indicated in the authentication certificate.
3. The method of claim 1, wherein the issuing CA is included in the list of approved CAs by vetting and approving the issuing CA according to predetermined business rules, and if the issuing CA is vetted and not approved, the issuing CA is designated on a list of not-approved CAs in the configuration store.
4. The method of claim 3, wherein vetting and approving the issuing CA includes registering a representation of a trusted authentication certificate with the CSS and adding at least the representation, status and a time-to-live data element to a local cache memory, and a connector is configured for retrieving the added status when the status of the trusted authentication certificate is queried.
5. The method of claim 2, further comprising the steps of checking a local cache memory for the status, and if the status is found in the local cache memory and the local date and time are within the validity period, retrieving the status from the local cache memory, wherein if the status is not found in the local cache memory or if the local date and time are not within the validity period, the CSS establishes a communication session with a certificate status reporting component of the issuing CA, composes a certificate status request according to the configured connector, retrieves the status from the certificate status reporting component, closes the communication session with certificate status reporting component, and adds at least the authentication certificate's identification, status, and time-to-live to the local cache memory.
6. The method of claim 1, wherein the certificate status is indicated by a Certificate Revocation List (CRL), according to a publication schedule of the issuing CA, the CSS retrieves the CRL from a certificate status reporting component listed in the configuration store, the CSS clears a cache memory associated with the issuing CA, and the CSS determines the status of the authentication certificate from the CRL and stores the status in the cache memory associated with the issuing CA.
7. The method of claim 1, wherein the certificate status is indicated by a Delta Certificate Revocation List ("ΔCRL"); upon notification by the issuing CA that a CRL is available, the CSS retrieves the CRL from a certificate status reporting component listed in the configuration store; if the CRL is a complete CRL, then the CSS clears a cache memory associated with the issuing CA, determines the status from the CRL, and stores the status in the cache memory; and if the CRL contains only changes occurring after publication of a full CRL, the CSS determines the status from the CRL, and stores the status in the cache memory.
8. The method of claim 1, wherein the communicating step includes communicating according to a sequence of connectors.
9. The method of claim 1, wherein a connector embeds more than one certificate status check in a single communicating step.
10. The method of claim 1, wherein the authentication certificate is not used for identification.
11. A method of retrieving a status of an authentication certificate issued by an issuing Certification Authority ("CA") in response to a query from a Trusted Custodial Utility ("TCU") to a Certificate Status Service ("CSS") to validate the authentication certificate's status, comprising the steps of:
locating and reporting the status if the status is present and current in a cache memory of the CSS;
otherwise performing the steps of:
obtaining a status type and retrieval method from a CSS configuration store;
if the status type is Certificate Revocation List ("CRL") and the status is not found in the cache memory, then reporting the status as valid;
if the status type is not CRL, then composing a certificate status request according to the status type;
establishing a communication session with the issuing CA;
retrieving the status from a status reporting component of the issuing CA using the obtained retrieval method and ending the communication session;
interpreting the retrieved status;
associating, with the interpreted retrieved status, a time-to-live value representing a period specified by a CSS policy for the status type;
adding at least the authentication certificate's identification, status, and time-to-live values to the cache memory; and reporting the status to the TCU in response to the query.
12. The method of claim 11, wherein the CSS uses a certificate status protocol in the communication session.
13. The method of claim 11, wherein more than one status is retrieved using the obtained retrieval method.
14. The method of claim 11, wherein the authentication certificate is not used for identification.
15. A Certificate Status Service ("CSS") for providing accurate and timely status indications of authentication certificates issued by issuing Certification Authorities ("CAs"), comprising:
providing a status of an authentication certificate as indicated by a Certificate Revocation List ("CRL") when the certificate's issuing CA uses CRLs for indicating status;
otherwise, providing the status indicated by a cache memory when the cache memory includes a status and a time-to-live data element is not exceeded;
if the time-to-live data element is exceeded, clearing the status from the cache memory;
requesting and retrieving the status using a real-time certificate status reporting protocol when the status is not in the cache memory;
adding at least the certificate's identification, status, and time-to-live data element to the cache memory; and providing the retrieved status.
16. The CSS of claim 15, wherein a status use-counter data element is added to the cache memory; the status use-counter data element is incremented or decremented every time the certificate's status is checked; and if the status use-counter data element passes a threshold, then the status is provided and the cache memory is cleared with respect to the status.
17. The CSS of claim 16, wherein a status last-accessed data element is added to the cache memory, and the status last-accessed data element in conjunction with the status use-counter data element enable determination of an activity level of the certificate's status.
18. The CSS of claim 17, wherein when a request is made to the CSS to retrieve a status of a new certificate and the cache memory has reached an allocated buffer size limit, the CSS searches the cache memory for a last-accessed data element indicating an oldest date and clears the respective cache memory entry; and the CSS then retrieves the requested status, places it in the cache memory, and provides the requested status.
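As an added illustration, not code from the patent, the following Python sketches the cache logic of claims 11 and 15-18 together with the full-CRL and delta-CRL refresh of claims 6 and 7: a configuration store of approved CAs, a per-entry time-to-live, the use-counter and last-accessed data elements, eviction of the oldest entry when the buffer is full, and a real-time connector used only when the cache and CRL cannot answer. All class, function and CA names, the OCSP-style connector stand-in, the serials and the clock are constructed for the example.

```python
import time
from dataclasses import dataclass

NOT_APPROVED = "not-approved"   # reported when the issuing CA is not on the approved list

@dataclass
class CacheEntry:
    """Cached certificate status with the data elements of claims 15-17."""
    status: str
    expires_at: float           # deadline derived from the policy time-to-live
    use_count: int = 0          # status use-counter (claim 16)
    last_accessed: float = 0.0  # status last-accessed (claim 17)

class CertificateStatusService:
    """Toy CSS: approved-CA configuration store, status cache and per-CA connectors."""

    def __init__(self, approved_cas, ttl_policy, use_threshold, max_entries, clock=time.time):
        # approved_cas: ca -> {"status_type": "CRL" | "OCSP", "connector": callable or None};
        # a non-CRL CA's connector stands in for a real-time status protocol session.
        self.approved_cas = approved_cas
        self.ttl_policy = ttl_policy        # status_type -> seconds (CSS policy, claim 11)
        self.use_threshold = use_threshold  # claim 16 threshold
        self.max_entries = max_entries      # allocated buffer size limit (claim 18)
        self.clock = clock                  # injectable so the demo can move time forward
        self.cache = {}                     # (ca, serial) -> CacheEntry
        self.crl_revoked = {}               # ca -> set of serials listed on its CRL

    def _store(self, ca, serial, status, status_type):
        now = self.clock()
        if len(self.cache) >= self.max_entries and (ca, serial) not in self.cache:
            # Buffer full: drop the entry with the oldest last-accessed value (claim 18).
            del self.cache[min(self.cache, key=lambda k: self.cache[k].last_accessed)]
        self.cache[(ca, serial)] = CacheEntry(status, now + self.ttl_policy[status_type],
                                              last_accessed=now)

    def load_crl(self, ca, revoked_serials, complete=True):
        """Apply a full CRL (claim 6) or a delta CRL (claim 7) from an approved CA."""
        if ca not in self.approved_cas:
            raise ValueError(f"CA {ca!r} is not on the approved list")
        if complete:   # a full CRL supersedes everything cached for this CA
            self.crl_revoked[ca] = set(revoked_serials)
            for key in [k for k in self.cache if k[0] == ca]:
                del self.cache[key]
        else:          # a delta CRL only adds changes since the last full CRL
            self.crl_revoked.setdefault(ca, set()).update(revoked_serials)
        for serial in revoked_serials:      # store the statuses determined from the CRL
            self._store(ca, serial, "revoked", "CRL")

    def status(self, ca, serial):
        """Claim 11: cache first; then CRL lookup or real-time query; then cache the result."""
        if ca not in self.approved_cas:
            return NOT_APPROVED            # never query a CA outside the approved set
        now = self.clock()
        entry = self.cache.get((ca, serial))
        if entry is not None:
            if now < entry.expires_at:
                entry.use_count += 1
                entry.last_accessed = now
                if entry.use_count >= self.use_threshold:
                    del self.cache[(ca, serial)]   # threshold passed: report, then forget (claim 16)
                return entry.status
            del self.cache[(ca, serial)]           # time-to-live exceeded (claim 15)
        status_type = self.approved_cas[ca]["status_type"]
        if status_type == "CRL":
            # Claim 11: for a CRL-based CA, a serial absent from the CRL is reported valid.
            status = "revoked" if serial in self.crl_revoked.get(ca, set()) else "valid"
        else:
            status = self.approved_cas[ca]["connector"](serial)   # real-time session (claim 15)
        self._store(ca, serial, status, status_type)
        return status

def demo():
    """Walk through the cache behaviours on constructed data; returns observations."""
    clock, calls = [1000.0], []          # constructed clock and a log of connector calls
    def rt_connector(serial):            # constructed stand-in for an OCSP-style responder
        calls.append(serial)
        return "valid"
    css = CertificateStatusService(
        {"CRL-CA": {"status_type": "CRL", "connector": None},
         "RT-CA": {"status_type": "OCSP", "connector": rt_connector}},
        {"CRL": 3600.0, "OCSP": 60.0}, use_threshold=2, max_entries=2, clock=lambda: clock[0])
    out = {"not_approved": css.status("ROGUE-CA", "X1")}
    out["first"] = css.status("RT-CA", "A1")         # miss: connector call 1
    out["cached"] = css.status("RT-CA", "A1")        # hit: use_count 1, no new call
    out["calls_after_hit"] = len(calls)              # 1
    css.status("RT-CA", "A1")                        # use_count 2 reaches threshold: dropped
    css.status("RT-CA", "A1")                        # miss again: connector call 2
    out["calls_after_threshold"] = len(calls)        # 2
    clock[0] += 61.0                                 # exceed the 60 s OCSP time-to-live
    css.status("RT-CA", "A1")                        # expired: connector call 3
    out["calls_after_ttl"] = len(calls)              # 3
    css.load_crl("CRL-CA", ["C9"])                   # full CRL lists C9
    out["on_crl"] = css.status("CRL-CA", "C9")       # revoked, served from cache
    out["not_on_crl"] = css.status("CRL-CA", "C1")   # valid: not listed
    css.load_crl("CRL-CA", ["C1"], complete=False)   # delta CRL revokes C1
    out["after_delta"] = css.status("CRL-CA", "C1")  # revoked
    out["cache_size"] = len(css.cache)               # bounded at max_entries (2)
    return out
```

Running `demo()` shows that only three connector calls are made across nine queries of the same certificate, and that a delta CRL overrides a cached "valid" entry without a full refresh.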
19. A method of executing a transaction between a first party and a second party by transferring control of an authenticated information object having a verifiable evidence trail, comprising the steps of:
retrieving an authenticated information object from a trusted repository, wherein the authenticated information object includes a first digital signature block comprising a digital signature of a submitting party and a first authentication certificate relating at least an identity and a cryptographic key to the submitting party, a date and time indicator, and a second digital signature block comprising a second digital signature of the trusted repository and a second authentication certificate relating at least an identity and a cryptographic key to the trusted repository; the first digital signature block was validated by the trusted repository; and the authenticated information object is stored as an electronic original information object under the control of the trusted repository;
executing the retrieved authenticated information object by the second party by including in the retrieved authenticated information object a third digital signature block comprising at least a third digital signature and a third authentication certificate of the second party; and forwarding the executed retrieved authenticated information object to a trusted custodial utility ("TCU"), wherein the TCU verifies digital signatures and validates authentication certificates associated with the digital signatures included in information objects by at least retrieving status of the authentication certificates from a Certificate Status Service ("CSS") provided according to claim 1; the TCU rejects a digital signature block if the respective digital signature is not verified or the status of the respective authentication certificate is expired or is revoked; and if at least one signature block in the information object is not rejected, the TCU appends the TCU's digital signature block and a date and time indicator to the information object and takes control of the object on behalf of the first party.
20. The method of claim 19, wherein a signature block includes at least one hash of at least a portion of the information object in which the signature block is included, the at least one hash is encrypted by the cryptographic key of the block's respective signer, thereby forming the signer's digital signature, and the signer's digital signature is included in the signature block with the signer's authentication certificate.
21. The method of claim 20, wherein the executing step includes displaying a local date and time to the second party, affirming, by the second party, that the displayed local date and time are correct, and correcting the local date and time if either is incorrect.
22. The method of claim 19, wherein if the TCU rejects a digital signature block, the TCU requests a remedy that requires the digital signature to be recomputed and the signature block to be reforwarded.
23. The method of claim 19, wherein the TCU checks the local date and time for accuracy and that they are within a validity period indicated by the second party's authentication certificate.
24. The method of claim 23, wherein if the local date and time are not within the validity period indicated by the second party's authentication certificate, the TCU notifies the second party that the authentication certificate is rejected and the first party that the transaction is incomplete.
25. The method of claim 19, wherein one or more digitized handwritten signatures are included in the information object, and placement of the digitized handwritten signatures in a data structure is specified by at least one signature tag.
26. The method of claim 19, wherein placement of one or more signature blocks in a data structure is specified by at least one signature tag.
27. The method of claim 26, wherein one or more signature blocks are separately forwarded to the TCU with respective signature tags, and the TCU validates the signature blocks by:
rejecting a signature block if either the respective digital signature is not verified or the respective authentication certificate is not validated, and placing the signature block according to the respective signature tag if the signature block is not rejected, wherein, to signature blocks sent separately, the TCU adds a date and time indication to each signature block and appends according to business rules the TCU's signature block in a wrapper that encompasses the information object and placed signature blocks.
28. The method of claim 27, wherein the TCU verifies a digital signature and validates an authentication certificate in a signature block by:
determining from the business rules whether a party associated with the authentication certificate has authority, verifying the party's digital signature, checking that the authentication certificate's validity period overlaps the TCU's current date and time, checking that the local date and time falls within an allowable deviation from the TCU's current date and time, and retrieving status of the authentication certificate from the CSS, and if any of the preceding steps results in an invalid or false output, the digital signature is deemed invalid, the transaction is not executed, otherwise the digital signature is deemed valid and the transaction is executed.
29. The method of claim 19, wherein the CSS provides authentication certificate status to the TCU by at least the steps of checking a local cache memory for the status, and if the status is found in the local cache memory and the local date and time are within the validity period, retrieving the status from the local cache memory; if the status is not found in the local cache memory or if the local date and time are not within the validity period, the CSS establishes a communication session with a certificate status reporting component of the issuing CA, composes a certificate status request according to the configured connector, retrieves the status from the certificate status reporting component, closes the communication session with the certificate status reporting component, and adds at least the authentication certificate's identification, status, and a time-to-live data element to the local cache memory.
30. The method of claim 19, wherein the first party is a first TCU and the transaction is for transferring custody of one or more electronic originals to the first TCU from a second TCU, an owner of the transaction provides the second TCU with a manifest that identifies electronic originals to be transferred to the first TCU, the second TCU establishes communication with the first TCU and identifies the purpose of its actions, the manifest is communicated to the first TCU so that it is able to determine when the transfer of custody has been completed, the second TCU transfers each identified electronic original to the first TCU, the first TCU retrieves status of the second TCU's certificate and verifies the second TCU's digital signature on each transferred electronic original, if any of the second TCU's digital signatures or certificates are invalid, then the first TCU notifies the second TCU and seeks a remedy, if the second TCU does not provide a remedy, the first TCU notifies the transaction owner that the requested transfer of custody has failed, otherwise the second TCU creates a new wrapper for each successfully transferred information object, adding a date-time stamp and the first TCU's signature block.
31. The method of claim 30, wherein the transaction is a transfer of ownership in response to an instruction, transfer of ownership documentation is placed in either the first TCU or the second TCU, the TCU having the transfer of ownership documentation validates authenticity of the transfer of ownership documentation by verifying all digital signatures and certificate validity periods and by using the CSS to check certificate status of all authentication certificates included in the transfer of ownership documentation, appends a date and time indication, and digitally signs, wraps and stores the transfer of ownership documentation, which is added to the manifest.
32. The method of claim 19, wherein certificate status is indicated to the CSS by a Certificate Revocation List ("CRL"), according to a publication schedule of the issuing CA, the CSS retrieves the CRL from a certificate status reporting component listed in the configuration store, the CSS clears a cache memory associated with the issuing CA, and the CSS determines the status of the authentication certificate from the CRL and stores the status in the cache memory associated with the issuing CA.
33. The method of claim 19, wherein certificate status is indicated to the CSS by a Delta Certificate Revocation List ("ΔCRL"); upon notification by the issuing CA that a CRL is available, the CSS retrieves the CRL from a certificate status reporting component listed in the configuration store; if the CRL is a complete CRL, then the CSS clears a cache memory associated with the issuing CA, determines the status from the CRL, and stores the status in the cache memory; and if the CRL contains only changes occurring after publication of a full CRL, the CSS determines the status from the CRL, and stores the status in the cache memory.
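As an added example (not code from the patent), the following Python models the CSS cache memory behaviour of claims 32 and 33: a complete CRL clears and rebuilds the per-CA cache, a delta CRL applies only its changes, a delta that does not chain to the cached base is refused, and a cache whose CRL is past its nextUpdate is reported as stale rather than answered. The CRL records, CA names and serial numbers are constructed stand-ins rather than parsed X.509 CRLs.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Status values the cache reports for an (issuer, serial) pair
GOOD = "good"          # issuer loaded and serial not on its current CRL
REVOKED = "revoked"    # serial listed on the current CRL
UNKNOWN = "unknown"    # no CRL loaded for this issuer yet
STALE = "stale"        # cached CRL is past nextUpdate; not a usable answer
REMOVE_FROM_CRL = "removeFromCRL"   # RFC 5280 delta-CRL reason: hold lifted


@dataclass
class CrlRecord:
    """Constructed stand-in for a parsed CRL; field names follow RFC 5280."""
    issuer: str
    crl_number: int
    this_update: datetime
    next_update: datetime
    is_delta: bool = False
    base_crl_number: Optional[int] = None                   # delta CRLs only
    revoked: Dict[str, str] = field(default_factory=dict)   # serial -> reason


class CertificateStatusService:
    """The CSS with one cache memory per issuing CA (claims 32 and 33)."""

    def __init__(self) -> None:
        self._cache: Dict[str, Dict[str, str]] = {}   # issuer -> serial -> status
        self._crl_number: Dict[str, int] = {}
        self._next_update: Dict[str, datetime] = {}

    def load_full_crl(self, crl: CrlRecord) -> None:
        """Complete CRL: clear the CA's cache memory, then rebuild it."""
        if crl.is_delta:
            raise ValueError("expected a complete CRL")
        self._cache[crl.issuer] = {serial: REVOKED for serial in crl.revoked}
        self._crl_number[crl.issuer] = crl.crl_number
        self._next_update[crl.issuer] = crl.next_update

    def apply_delta_crl(self, crl: CrlRecord) -> bool:
        """Delta CRL: apply only the changes, without clearing the cache.
        Returns False and changes nothing if the delta does not chain to
        the complete CRL currently cached for this CA."""
        if not crl.is_delta:
            raise ValueError("expected a delta CRL")
        cache = self._cache.get(crl.issuer)
        current = self._crl_number.get(crl.issuer)
        if cache is None or current is None or crl.base_crl_number is None:
            return False
        # Usable only against a base at least as new as the one it names, and only if newer than what is held
        if crl.base_crl_number > current or crl.crl_number <= current:
            return False
        for serial, reason in crl.revoked.items():
            if reason == REMOVE_FROM_CRL:
                cache.pop(serial, None)          # hold lifted: back to good
            else:
                cache[serial] = REVOKED
        self._crl_number[crl.issuer] = crl.crl_number
        self._next_update[crl.issuer] = crl.next_update
        return True

    def status(self, issuer: str, serial: str, now: datetime) -> str:
        """Answer from the cache; never rely on a CRL past its nextUpdate."""
        cache = self._cache.get(issuer)
        if cache is None:
            return UNKNOWN
        if now > self._next_update[issuer]:
            return STALE
        return cache.get(serial, GOOD)


def demo() -> Dict[str, object]:
    """Drive the cache with constructed records: full CRL, delta CRL,
    a delta that does not chain, a stale cache, then the next full CRL."""
    t0 = datetime(2003, 7, 17, 12, 0, tzinfo=timezone.utc)  # constructed
    day, ca, serials = timedelta(days=1), "Example CA", ("0A", "0B", "0C")
    css = CertificateStatusService()
    css.load_full_crl(CrlRecord(ca, 10, t0, t0 + 7 * day,
                                revoked={"0A": "keyCompromise", "0B": "certificateHold"}))
    out = {"after_full": [css.status(ca, s, t0) for s in serials],
           "other_ca": css.status("Other CA", "0A", t0)}
    delta = CrlRecord(ca, 11, t0 + day, t0 + 7 * day, is_delta=True, base_crl_number=10,
                      revoked={"0C": "superseded", "0B": REMOVE_FROM_CRL})
    out["delta_applied"] = css.apply_delta_crl(delta)
    out["after_delta"] = [css.status(ca, s, t0 + day) for s in serials]
    bad = CrlRecord(ca, 13, t0 + 2 * day, t0 + 7 * day, is_delta=True, base_crl_number=12,
                    revoked={"0D": "keyCompromise"})   # base CRL 12 was never received
    out["bad_delta_applied"] = css.apply_delta_crl(bad)
    out["after_bad_delta"] = css.status(ca, "0D", t0 + 2 * day)
    out["stale"] = css.status(ca, "0C", t0 + 8 * day)   # queried past nextUpdate
    # Next scheduled complete CRL clears and rebuilds the cache (0C dropped off it)
    css.load_full_crl(CrlRecord(ca, 12, t0 + 7 * day, t0 + 14 * day,
                                revoked={"0A": "keyCompromise"}))
    out["after_next_full"] = [css.status(ca, s, t0 + 7 * day) for s in serials]
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```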
Applications Claiming Priority (5)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
US39717802P | 2002-07-18 | 2002-07-18 | |
US60/397,178 | 2002-07-18 | ||
US10/620,817 US7743248B2 (en) | 1995-01-17 | 2003-07-16 | System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components |
US10/620,817 | 2003-07-16 | ||
PCT/US2003/022191 WO2004010271A2 (en) | 2002-07-18 | 2003-07-17 | System and method for the transmission, storage and retrieval of authenticated documents |
Publications (2)
Publication Number | Publication Date |
---|---|
CA2492986A1 true CA2492986A1 (en) | 2004-01-29 |
CA2492986C CA2492986C (en) | 2011-03-15 |
Family
ID=30772994
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CA2492986A Expired - Lifetime CA2492986C (en) | 2002-07-18 | 2003-07-17 | System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components |
Country Status (13)
Country | Link |
---|---|
US (1) | US7743248B2 (en) |
EP (1) | EP1540881B1 (en) |
KR (1) | KR101105121B1 (en) |
CN (1) | CN1682490B (en) |
AU (1) | AU2003259136B2 (en) |
BR (2) | BRPI0312774B1 (en) |
CA (1) | CA2492986C (en) |
EA (1) | EA007089B1 (en) |
HK (1) | HK1083252A1 (en) |
IL (1) | IL166311A0 (en) |
MX (1) | MXPA05000696A (en) |
NZ (1) | NZ537994A (en) |
WO (1) | WO2004010271A2 (en) |
US6044462A (en) | 1997-04-02 | 2000-03-28 | Arcanvs | Method and apparatus for managing key revocation |
US5944824A (en) | 1997-04-30 | 1999-08-31 | Mci Communications Corporation | System and method for single sign-on to a plurality of network elements |
DE69834406T2 (en) | 1997-05-13 | 2006-12-07 | Passlogix, Inc. | GENERALIZED USER IDENTIFICATION AND AUTHENTICATION SYSTEM |
JP3595109B2 (en) | 1997-05-28 | 2004-12-02 | 日本ユニシス株式会社 | Authentication device, terminal device, authentication method in those devices, and storage medium |
US6584565B1 (en) | 1997-07-15 | 2003-06-24 | Hewlett-Packard Development Company, L.P. | Method and apparatus for long term verification of digital signatures |
US6397329B1 (en) * | 1997-11-21 | 2002-05-28 | Telcordia Technologies, Inc. | Method for efficiently revoking digital identities |
US5987429A (en) | 1997-12-16 | 1999-11-16 | Sun Microsystems, Inc. | Computer-based fee processing for electronic commerce |
US6484174B1 (en) | 1998-04-20 | 2002-11-19 | Sun Microsystems, Inc. | Method and apparatus for session management and user authentication |
US6178511B1 (en) | 1998-04-30 | 2001-01-23 | International Business Machines Corporation | Coordinating user target logons in a single sign-on (SSO) environment |
US6275944B1 (en) | 1998-04-30 | 2001-08-14 | International Business Machines Corporation | Method and system for single sign on using configuration directives with respect to target types |
US6615347B1 (en) * | 1998-06-30 | 2003-09-02 | Verisign, Inc. | Digital certificate cross-referencing |
US6351812B1 (en) * | 1998-09-04 | 2002-02-26 | At&T Corp | Method and apparatus for authenticating participants in electronic commerce |
US6301658B1 (en) * | 1998-09-09 | 2001-10-09 | Secure Computing Corporation | Method and system for authenticating digital certificates issued by an authentication hierarchy |
US6671803B1 (en) * | 1998-10-06 | 2003-12-30 | Koninklijke Philips Electronics N.V. | Method and system for consumer electronic device certificate management |
US6304974B1 (en) * | 1998-11-06 | 2001-10-16 | Oracle Corporation | Method and apparatus for managing trusted certificates |
US6421768B1 (en) | 1999-05-04 | 2002-07-16 | First Data Corporation | Method and system for authentication and single sign on using cryptographically assured cookies in a distributed computer environment |
WO2001006701A1 (en) * | 1999-07-15 | 2001-01-25 | Sudia Frank W | Certificate revocation notification systems |
US20020029200A1 (en) * | 1999-09-10 | 2002-03-07 | Charles Dulin | System and method for providing certificate validation and other services |
US6401211B1 (en) | 1999-10-19 | 2002-06-04 | Microsoft Corporation | System and method of user logon in combination with user authentication for network access |
US6842863B1 (en) * | 1999-11-23 | 2005-01-11 | Microsoft Corporation | Certificate reissuance for checking the status of a certificate in financial transactions |
CN1182479C (en) * | 2000-01-07 | 2004-12-29 | 国际商业机器公司 | System and method for effectively collecting aranging and access to withdrew table of certificate |
US6581059B1 (en) * | 2000-01-24 | 2003-06-17 | International Business Machines Corporation | Digital persona for providing access to personal information |
US6961858B2 (en) * | 2000-06-16 | 2005-11-01 | Entriq, Inc. | Method and system to secure content for distribution via a network |
EP2770455B1 (en) * | 2000-06-16 | 2017-01-25 | MIH Technology Holdings BV | Method and system to exercise geographic restrictions over the distribution of content via a network |
US7076653B1 (en) * | 2000-06-27 | 2006-07-11 | Intel Corporation | System and method for supporting multiple encryption or authentication schemes over a connection on a network |
US20020019838A1 (en) | 2000-07-05 | 2002-02-14 | Silanis Technology Inc. | Status identifier for identifying the approval status of an electronic document |
US6836765B1 (en) * | 2000-08-30 | 2004-12-28 | Lester Sussman | System and method for secure and address verifiable electronic commerce transactions |
US6948061B1 (en) * | 2000-09-20 | 2005-09-20 | Certicom Corp. | Method and device for performing secure transactions |
US6944648B2 (en) | 2000-09-22 | 2005-09-13 | Docusign, Inc. | System and method for managing transferable records |
US7024691B1 (en) * | 2000-10-17 | 2006-04-04 | International Business Machines Corporation | User policy for trusting web sites |
DE10061102B4 (en) | 2000-12-07 | 2010-09-02 | Tc Trust Center Gmbh | System for status inquiry of digital certificates |
WO2002048925A2 (en) | 2000-12-14 | 2002-06-20 | Silanis Technology Inc. | Method and system for the approval of an electronic document over a network |
AU2002215782B2 (en) | 2000-12-14 | 2008-03-06 | Silanis Technology Inc. | Web-based method and system for applying a legally enforceable signature on an electronic document |
US7475151B2 (en) * | 2000-12-22 | 2009-01-06 | Oracle International Corporation | Policies for modifying group membership |
US7349912B2 (en) * | 2000-12-22 | 2008-03-25 | Oracle International Corporation | Runtime modification of entries in an identity system |
WO2002059725A2 (en) | 2001-01-26 | 2002-08-01 | Shearman & Sterling | Methods and systems for electronically representing records of obligations |
US20030088771A1 (en) * | 2001-04-18 | 2003-05-08 | Merchen M. Russel | Method and system for authorizing and certifying electronic data transfers |
US7020645B2 (en) | 2001-04-19 | 2006-03-28 | Eoriginal, Inc. | Systems and methods for state-less authentication |
US6970862B2 (en) * | 2001-05-31 | 2005-11-29 | Sun Microsystems, Inc. | Method and system for answering online certificate status protocol (OCSP) requests without certificate revocation lists (CRL) |
US7149892B2 (en) * | 2001-07-06 | 2006-12-12 | Juniper Networks, Inc. | Secure sockets layer proxy architecture |
US7383433B2 (en) * | 2001-07-31 | 2008-06-03 | Sun Microsystems, Inc. | Trust spectrum for certificate distribution in distributed peer-to-peer networks |
US7120793B2 (en) * | 2001-09-28 | 2006-10-10 | Globalcerts, Lc | System and method for electronic certificate revocation |
US20030074555A1 (en) * | 2001-10-17 | 2003-04-17 | Fahn Paul Neil | URL-based certificate in a PKI |
US20030078987A1 (en) * | 2001-10-24 | 2003-04-24 | Oleg Serebrennikov | Navigating network communications resources based on telephone-number metadata |
US20030130960A1 (en) * | 2001-11-28 | 2003-07-10 | Fraser John D. | Bridging service for security validation within enterprises |
CN1352434A (en) * | 2001-11-29 | 2002-06-05 | 上海维豪信息安全技术有限公司 | Electronic government affairs safety platform system based on trust and authorization service |
US20030126433A1 (en) * | 2001-12-27 | 2003-07-03 | Waikwan Hui | Method and system for performing on-line status checking of digital certificates |
US8086867B2 (en) * | 2002-03-26 | 2011-12-27 | Northrop Grumman Systems Corporation | Secure identity and privilege system |
FI20021738A0 (en) * | 2002-09-30 | 2002-09-30 | Ssh Comm Security Oyj | Procedure for producing certificate revocation lists |
- 2003
  - 2003-07-16 US US10/620,817 patent/US7743248B2/en not_active Expired - Fee Related
  - 2003-07-17 BR BRPI0312774-5A patent/BRPI0312774B1/en unknown
  - 2003-07-17 CA CA2492986A patent/CA2492986C/en not_active Expired - Lifetime
  - 2003-07-17 EA EA200500227A patent/EA007089B1/en not_active IP Right Cessation
  - 2003-07-17 CN CN038220504A patent/CN1682490B/en not_active Expired - Fee Related
  - 2003-07-17 WO PCT/US2003/022191 patent/WO2004010271A2/en active Application Filing
  - 2003-07-17 MX MXPA05000696A patent/MXPA05000696A/en active IP Right Grant
  - 2003-07-17 NZ NZ537994A patent/NZ537994A/en not_active IP Right Cessation
  - 2003-07-17 EP EP03765606.3A patent/EP1540881B1/en not_active Expired - Lifetime
  - 2003-07-17 BR BR0312774-5A patent/BR0312774A/en not_active IP Right Cessation
  - 2003-07-17 KR KR1020057000955A patent/KR101105121B1/en active IP Right Grant
  - 2003-07-17 AU AU2003259136A patent/AU2003259136B2/en not_active Expired
- 2005
  - 2005-01-14 IL IL16631105A patent/IL166311A0/en active IP Right Grant
- 2006
  - 2006-03-13 HK HK06103187.1A patent/HK1083252A1/en not_active IP Right Cessation
Cited By (1)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US9130918B2 (en) | 2009-09-21 | 2015-09-08 | Thomson Licensing | System and method for automatically verifying storage of redundant contents into communication equipments, by data comparison |
Also Published As
Publication number | Publication date |
---|---|
CN1682490B (en) | 2012-11-14 |
MXPA05000696A (en) | 2005-04-08 |
AU2003259136B2 (en) | 2009-06-04 |
BR0312774A (en) | 2005-05-03 |
US7743248B2 (en) | 2010-06-22 |
EP1540881B1 (en) | 2014-09-10 |
EP1540881A2 (en) | 2005-06-15 |
KR20050074430A (en) | 2005-07-18 |
US20040093493A1 (en) | 2004-05-13 |
HK1083252A1 (en) | 2006-06-30 |
AU2003259136A1 (en) | 2004-02-09 |
CN1682490A (en) | 2005-10-12 |
EA200500227A1 (en) | 2005-08-25 |
CA2492986C (en) | 2011-03-15 |
WO2004010271A2 (en) | 2004-01-29 |
IL166311A0 (en) | 2006-01-15 |
KR101105121B1 (en) | 2012-01-16 |
BRPI0312774B1 (en) | 2018-02-06 |
EA007089B1 (en) | 2006-06-30 |
NZ537994A (en) | 2006-09-29 |
WO2004010271A3 (en) | 2004-08-05 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CA2492986A1 (en) | | System and method for a remote access service enabling trust and interoperability when retrieving certificate status from multiple certification authority reporting components |
US11516016B2 (en) | | Method and system for signing and authenticating electronic documents via a signature authority which may act in concert with software controlled by the signer |
US11233657B2 (en) | | Method and system for registering digital documents |
US9654298B2 (en) | | Signature # efficient real time credentials for OCSP and distributed OCSP |
CN111092737B (en) | | Digital certificate management method and device and block link points |
US7178029B2 (en) | | Method and apparatus for validating a digital signature |
JP4796971B2 (en) | | Efficiently signable real-time credentials for OCSP and distributed OCSP |
US7058619B2 (en) | | Method, system and computer program product for facilitating digital certificate state change notification |
US20050044369A1 (en) | | Electronic document management system |
CN110851877B (en) | | Data processing method and device, block chain node equipment and storage medium |
TWI661331B (en) | | System and method for identity verification and privacy protection in public blockchain |
US8176330B2 (en) | | Method, apparatus and article for off-line certification in mobile applications |
Das et al. | | A secure blockchain-enabled vehicle identity management framework for intelligent transportation systems |
KR100349224B1 (en) | | A secure flexible electronic submission |
JP4846464B2 (en) | | System for issuing and verifying multiple public key certificates, and method for issuing and verifying multiple public key certificates |
CN1922815B (en) | | Sign-efficient real time credentials for ocsp and distributed ocsp |
KR100419484B1 (en) | | An efficient certificate validation system and method using validation authority in PKI |
Wang et al. | | Decentralized CRL Management for Vehicular Networks With Permissioned Blockchain |
JP2004056635A (en) | | Update instrument of certificate invalidation list, system and method |
TW202042527A (en) | | Verification and management system for a digital certificate and method thereof |
Pinkas et al. | | RFC 5126: CMS Advanced Electronic Signatures (CAdES) |
CN117714062A (en) | | Asset information processing method, device, equipment and medium based on block chain |
AU2006202855A1 (en) | | Signature-efficient real time credentials for OCSP and distributed OCSP |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
| EEER | Examination request | |
| MKEX | Expiry | Effective date: 20230717 |